记一次No appropriate protocol (protocol is disabled or cipher suites are inappropriate)调用异常及解决办法

背景

前几天在对项目做数据源切换时，发现切换完数据源后项目无法启动，一直报如下异常：

### Error querying database.  Cause: ERR-CODE: [TDDL-4102][ERR_ATOM_GET_CONNECTION_FAILED_KNOWN_REASON] Get connection for db '*********' failed because Communications link failure
the last packet successfully received from the server was 2 milliseconds ago.  The last packet sent successfully to the server was 2 milliseconds ago.. 
### The error may exist in file [/Users/eleme/IdeaProjects/kbtdatadistribute/kbtdatadistribute-dal/target/classes/mybatis/mapper/data/FsDataSourceMapper.xml]
Caused by: com.alibaba.druid.pool.GetConnectionTimeoutException: wait millis 5005, active 0, maxActive 10
 at com.alibaba.druid.pool.DruidDataSource.getConnectionInternal(DruidDataSource.java:1221)
 at com.alibaba.druid.pool.DruidDataSource.getConnectionDirect(DruidDataSource.java:1045)
 at com.alibaba.druid.filter.FilterChainImpl.dataSource_connect(FilterChainImpl.java:4544)
 at com.alibaba.druid.filter.stat.StatFilter.dataSource_getConnection(StatFilter.java:662)
 at com.alibaba.druid.filter.FilterChainImpl.dataSource_connect(FilterChainImpl.java:4540)


 -------------------------分隔线--------------------------------

Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.HandshakeContext.(HandshakeContext.java:171) ~[na:1.8.0_291]
at sun.security.ssl.ClientHandshakeContext.(ClientHandshakeContext.java:101) ~[na:1.8.0_291]
at sun.security.ssl.TransportContext.kickstart(TransportContext.java:238) ~[na:1.8.0_291]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394) ~[na:1.8.0_291]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373) ~[na:1.8.0_291]  

乍一看以为是数据库连接配置问题，便针对Communications link failure这个问题一顿百度谷歌，未果，后来在大佬的排查点拨下，发现其根本原因并不是由于数据库配置，最后报的No appropriate protocol (protocol is disabled or cipher suites are inappropriate)这个才是关键，而导致这个问题的，竟是jdk版本过高导致，jdk1.8高版本对ssl做了限制，而我的jdk版本为jdk1.8.0_291

 

解决办法

打开jdk所在目录 cd /Library/Java/JavaVirtualMachines
修改文件：vim /jdk1.8.0_291.jdk/Contents/Home/jre/lib/security/java.security
找到如下内容：

jdk.tls.disabledAlgorithms=TLSv1.1, RC4, DES, MD5withRSA, \
                            DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
                            include jdk.disabled.namedCurves

去除 jdk.tls.disabledAlgorithms 中 SSLv3, TLSv1, TLSv1.1三项协议，然后重启项目即可

 

 

(19条消息) 记一次No appropriate protocol (protocol is disabled or cipher suites are inappropriate)调用异常及解决办法_he3more的博客-CSDN博客_no appropriate protocol